Description

SafetyNet Playground consists of an Android application and an associated web service that can be used as a sample for developers attempting to securely implement Google's SafetyNet attestation API.

Google's SafetyNet service can help your app maintain a level of assurance that the device you are executing on has not been tampered with. There are many ways to design how you'll do attestation requests, such as using a client-only or client-server architecture. SafetyNet Playground demonstrates a tamper-resistant client-server attestation flow.

This sample app will attempt to make a REST request to a web service. This request will be successful only if the SafetyNet service attests that your device is CTS compatible.

You can read more on SafetyNet Playground at https://www.cigital.com/blog/using-safetynet-api

You can read a technical analysis of SafetyNet internals at https://koz.io/inside-safetynet

This application and associated web service are released as open source codeAndroid application: https://github.com/cigital/safetynet-appWeb Service: https://github.com/cigital/safetynet-web-php